eb073f43a6dab050ca333a4ad28b21e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb073f43a6dab050ca333a4ad28b21e4_JaffaCakes118
Size

261KB
MD5

eb073f43a6dab050ca333a4ad28b21e4
SHA1

0c8759ffe6b7277c4afc5787a487178a0444011f
SHA256

787cb042ed32fbfd153deb0b48094cfb08623b4b13ed6a194f925e69680a4d55
SHA512

b785cc78910de75ec3b7596f08faa4dbb8c9f8dc608811681dd42fe5bb2a334598417f4f02563da8711a513d8f2df0bbda498a9f00c25ea13605a252a9ec0e6c
SSDEEP

6144:SebyMQlvvE3P5YWRdQKQKjZNWdq2j5SzDhlNeA65xJizUHOfRGy:nyMQ9vE3PmWRKKdjZz2jsdTuigHOfRGy

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb073f43a6dab050ca333a4ad28b21e4_JaffaCakes118

Files

eb073f43a6dab050ca333a4ad28b21e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0681f950c1b543bc44ddf0782e4bd5a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrChrA

user32

PostThreadMessageA
MessageBoxA

advapi32

DeleteService

ole32

CoCreateGuid

msvcrt

__p__fmode

kernel32.dll

SetFilePointer

kernel32

LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Fi7ke
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0681f950c1b543bc44ddf0782e4bd5a6

Headers

File Characteristics

Imports

shlwapi

user32

advapi32

ole32

msvcrt

kernel32.dll

kernel32

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.vmp0 Size: - Virtual size: 22KB

.vmp1 Size: 54KB - Virtual size: 54KB

.vmp0 Size: 512B - Virtual size: 156B

.vmp1 Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 232B

Fi7ke Size: 512B - Virtual size: 512B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.vmp0
Size: - Virtual size: 22KB

.vmp1
Size: 54KB - Virtual size: 54KB

.vmp0
Size: 512B - Virtual size: 156B

.vmp1
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 232B

Fi7ke
Size: 512B - Virtual size: 512B